<?php
/**
 * @description
 *  超级用户管理入口文件
 *
 * filename : /admin/modules/admin/admin.php
 * date     : 2009-1-23 16:15
 * author   : hotgun
 * email    : hotgun@163.com
 * 
 * (c)copyright hotgun
 *
 * $Id: /admin/modules/admin/admin.php,v 1.0 2009-1-23 16:15 $
 */


// +--------------------------------------------------------------+ //
// 模块级变量预处理
$mod_url        = parse_mod_url();
$abs_modpath    = dirname(__FILE__);
$js_error       = 0;
$entrance       = load_module($mod, $action);
// +--------------------------------------------------------------+ //


// +--------------------------------------------------------------+ //
// 默认提示设置，表示成功后默认显示添加和列表模板两种操作
// 默认跳转提示设置，表示成功后默认跳转到列表模板
$G_msg  = array(
    'jobs'  => array('u.add' => null, 'u.li' => null ),
    'redirect' => 'u.li'
    );
// +--------------------------------------------------------------+ //


if($entrance != __FILE__) {
    // 子模块入口
    require($entrance);
} else {
    require($abs_modpath . '/admin.libs.php');
    if($action == 'u.login') {
        @session_start();
        @header("Cache-control: private");
        // 登录
        if($save == $save_flag) {
            // 登录开始
            $tbl_admin      = $_TABLES['admin'];
            $tbl_roles      = $_TABLES['admin_roles'];
            $tbl_cclass     = $_TABLES['admin_cclass'];
            $tbl_roles_rel  = $_TABLES['admin_roles_rel'];
            $tbl_roles_op   = $_TABLES['admin_roles_op'];

            InitGP(array('username','password','seccode'));
                                    
            if(!empty($_SESSION[$G_admin_session_key]) && strtolower($_SESSION[$G_admin_session_key]['validate_code']) == strtolower($seccode)) {
                $sql    = "SELECT uid, username, password, realname,valid,issu,qx,city,city1 FROM $tbl_admin WHERE username = '$username' ";

                $conn   = & get_db_conn();
                $rs     = $conn->GetRow($sql);
                if($rs && $rs['password'] == md5($password)) {
                if($rs['valid'] == '0') {
                        $GLOBALS['ERR']->AddError(_ERROR_BUSINESS, 
                                $GLOBALS['_LANGUAGE']['login check fail'], 
                                __FILE__,
                                __LINE__);
                    } else {
                    // 登录成功后读取角色
                    $rsql   = "SELECT RR.uid, RR.rid,
                                        R.id, R.rolename, R.description 
                                             FROM $tbl_roles_rel AS RR
                                        LEFT JOIN $tbl_roles AS R
                                               ON RR.rid = R.id
                                            WHERE RR.uid = '{$rs['uid']}' ";
                    $rolers = &$conn->Execute($rsql);
                    $rolers = $rolers->EOF ? array() : $rolers->GetRows();
                    
                    
                    foreach($rolers as $kr=>$kv) {
						$rcid1	.= @(int)$kv['cid1'] . ',';
						$rcid2	.= @(int)$kv['cid2'] . ',';
						$rcid3	.= @(int)$kv['cid3'] . ',';
						$rcid5	.= @(int)$kv['cid5'] . ',';
						$rcid6	.= @(int)$kv['cid6'] . ',';
						$rcid30	.= @(int)$kv['cid30'] . ',';
						$rcid56	.= @(int)$kv['cid56'] . ',';
						$rcid68	.= @(int)$kv['cid68'] . ',';
					}
					$rcid1 != '' && $rcid1   = substr($rcid1, 0, (strlen($rcid1)-1));
					$rcid2 != '' && $rcid2   = substr($rcid2, 0, (strlen($rcid2)-1));
					$rcid3 != '' && $rcid3   = substr($rcid3, 0, (strlen($rcid3)-1));
					$rcid5 != '' && $rcid5   = substr($rcid5, 0, (strlen($rcid5)-1));
					$rcid6 != '' && $rcid6   = substr($rcid6, 0, (strlen($rcid6)-1));
					$rcid30 != '' && $rcid30   = substr($rcid30, 0, (strlen($rcid30)-1));
					$rcid56 != '' && $rcid56   = substr($rcid56, 0, (strlen($rcid56)-1));
					$rcid68 != '' && $rcid68   = substr($rcid68, 0, (strlen($rcid68)-1));
                    
                    
                    $roleidin   = '';
                    foreach($rolers as $v) {
                        $roleidin  .= $v['rid'] . ',';
                    }
                    // 判断当前用户是否为超级用户
                    if($rs['issu'] == 1) {                    // 权限 -- 取消注释
                        $rolers[] = array(
                            'uid'   => $rs['uid'],
                            'rid'   => -1,
                            'id'    => -1,
                            'rolename'      => 'su',
                            'description'   => ''
                            );
                    }                                         // 权限 -- 取消注释
                    // 读取角色信息结束


                    // 读取内容控制信息
                    $ccids  = array();
                    $csql   = "SELECT cid FROM $tbl_cclass WHERE uid = '{$rs['uid']}' ";
                    $ccid   = &$conn->Execute($csql);
                    $ccid   = $ccid->EOF ? array() : $ccid->GetRows();
                    foreach($ccid as $c) {
                        $ccids[]  = $c['cid'];
                    }
                    // 读取内容控制信息结束


                    $opvar  = array();
                    $oprs   = array();
                    // 读取权限范围内的操作
                    if($roleidin != '') {
                        $roleidin   = substr($roleidin, 0, (strlen($roleidin)-1));
                        $opsql  = "SELECT * FROM $tbl_roles_op WHERE roleid IN ( $roleidin )";
                        $oprs   = &$conn->Execute($opsql);
                        $oprs   = $oprs->EOF ? array() : $oprs->GetRows();
                        foreach($oprs as $v) {
                            $opvar[$v['rightvar']] = @(int)$v['varvalue'];
                        }
                    }
                    // 读取权限范围内的操作结束


                    $login = array(
                        'lastip'    => realip(),
                        'lasttime'  => $timestamp
                        );
                    $_SESSION[$G_admin_session_key] = array(
                        'uid'       => $rs['uid'],
                        'qx'        => $rs['qx'],
                        'city'      => $rs['city'],
                        'city1'     => $rs['city1'],
                        'username'  => $rs['username'],
                        'realname'  => $rs['realname'],
                        'roles'     => $rolers,
                        'ccids'     => $ccids,
                        'site_id'	=> $rs['site_id'],
                        'station_id'	=> $rs['station_id'],                                                
                        'save_frame'=> 'save_frame_' . substr('00000000' . rand (1, 99999999), -8),
                        'opvar' => $opvar,
                        'rcid1'		=> $rcid1,
						'rcid2'		=> $rcid2,
						'rcid3'		=> $rcid3,
						'rcid5'		=> $rcid5,
						'rcid6'		=> $rcid6,
						'rcid30'	=> $rcid30,
						'rcid56'	=> $rcid56,
						'rcid68'	=> $rcid68,
                        );
                    $conn->AutoExecute($_TABLES['admin'],$login,'UPDATE','uid=' . $rs['uid'] . '');
                    
                    
                    
                    
                    
                    
                    
                    
                    
                    
                    
                    
                    
                    redirect($url_global['admin_main'] . '?sid=' . session_id());
                }
                } else {
                    $GLOBALS['ERR']->AddError(_ERROR_BUSINESS, 
                            $GLOBALS['_LANGUAGE']['login fail'], 
                            __FILE__,
                            __LINE__);
                }
            } else {
                $GLOBALS['ERR']->AddError(_ERROR_BUSINESS, 
                        $GLOBALS['_LANGUAGE']['seccode error'], 
                        __FILE__,
                        __LINE__);
            }
        }
        $cur_view   = 'views/login_view.php';
    } elseif($action == 'u.logout') {
        @session_start();
        unset($_SESSION[$G_admin_session_key]);
        $arr_jobs    = array();
        $G_msg  = array(
            'msg'   => '退出系统成功！',
            'jobs'  => null,
            'redirect' => 'u.login',
            );
        message();
        exit();
    } elseif($action == 'u.li') {
        // 用户列表
        $viewvar    = & li();
        $cur_view   = 'views/admin_li_view.php';
    } elseif(in_array($action, array('u.add', 'u.modify'))) {
        // 添加/修改用户
        if($save == $save_flag) {
            if(($action == 'u.add' && $uid = add()) && $uid > 0) {
                $G_msg['msg']   = '新增系统用户成功！';
            } elseif(($action == 'u.modify' && $uid = modify()) && $uid > 0) {
                $G_msg['msg']   = '修改系统用户成功！';
            } else {
                add_system_error();
            }
            if($uid > 0) {
                // 成功后操作
                $G_msg['jobs']['u.modify']   = array(
                    'param' => 'uid=' . $uid,
                    'name'  => '修改当前用户信息'
                    );
                message();
            }
        } else {
            $record     = read(@$_GET['uid']);
            $cur_view   = 'views/admin_data_view.php';
        }
    } elseif($action == 'u.del') {
        // 删除用户
        del();
    } elseif($action == 'u.self') {
        if($save == $save_flag) {
            if(self() > 0) {
                $G_msg['msg']   = '修改密码成功！';
                $G_msg['redirect']   = 'u.self';
                message();
            }
        } else {
            if(@(int)$_SESSION[$G_admin_session_key]['uid']>0) {
                $record     = read($_SESSION[$G_admin_session_key]['uid']);
                $cur_view   = 'views/admin_selfdata_view.php';
            } else {
                unset($_SESSION[$G_admin_session_key]);
                $G_msg  = array(
                    'redirect' => 'u.login'
                    );
                $GLOBALS['ERR']->AddError(_ERROR_BUSINESS, 
                            $GLOBALS['_LANGUAGE']['session disabled'], 
                            __FILE__,
                            __LINE__);
            }
        }
    } elseif($action == 'u.cclass') {
        // 给用户分配文章内容权限
        if($save == $save_flag) {
            if(cclass() > 0) {
                $G_msg['msg']   = '修改内容权限成功！';
                $G_msg['redirect']   = 'u.li';
                message();
            }
        } else {
            $record = cclassread(@$_GET['uid']);
            $cur_view   = 'views/cclass_data_view.php';
        }
    }
    /**
     * --------------------------------------------------- *
     * 附件列表，附件删除操作
     */
    elseif($action == 'a.li') {
        $vars   = ali();
        $cur_view   = 'views/attachment_li_view.php';
    } elseif($action == 'a.del') {
        adel();
    }
    /**
     * --------------------------------------------------- *
     */
    elseif($action == 'home') {
        require($G_abs_includes . '/conf/info.conf.php');
        $cur_view   = 'views/home_view.php';
    } elseif ($action == 'basic') {
		if($_SESSION[$G_admin_session_key]['username']=="admin")
		{
        if($save == $save_flag) {
            if(basicupdate()) {
                $G_msg['msg']   = '修改站点信息成功！';
                $G_msg['redirect']   = 'basic';
                message();
            }
        } else {
            require($G_abs_includes . '/conf/info.conf.php');
            $cur_view   = 'views/basic_view.php';
        }
		}
		else
		{
		    echo "<script>alert('仅超级管理员才能修改网站基本信息！');</script>";
			require($G_abs_includes . '/conf/info.conf.php');
            $cur_view   = 'views/basic_view.php';
		}
    } elseif('u.editf' == $action) {
		$param = array('id', 'act', 'val','isclass');
		InitGP($param,'G');
		$id = intval($id);
		$val = trim($val);
		/*if('order_no'==$field) {
			$val = bigint($val, 1);
		}*/


		if($id > 0 && $val!='') {
			$field = str_replace('edit_', '', $act);
			$conn   = & get_db_conn();

				$tbl = $_TABLES['article'];
				$conn->Execute("update $tbl SET $field = '$val' WHERE aid = '$id' ");
			$result['content'] = $val;
		}
		if($ajax) {
			exit($json->encode($result));
		}
	} elseif('u.toggle' == $action) {
		// 如果是切换状态
		$fields = array('valid');	/* 允许更改状态的字段 */
		$param = array('id', 'val', 'f', 'cval');
		InitGP($param);

		// 如果 $cval == 1 设置为 0
		// 如果 $cval == 0 设置为 1
		$id = intval($id);
		if(in_array($f,$fields)) {
			$val	= intval($val);
			$cval	= intval($cval);
			$newval	= 0;

			$conn   = & get_db_conn();
			// 得到老值
			$artflag = $conn->GetOne("SELECT `{$f}` FROM ".$_TABLES['admin']." WHERE uid='$id' ");
			$artflag = intval($artflag);


			if($cval==1) {
				// 去掉该标志
				$artflag = $artflag&(~$val);
			} else {
				// 增加该标志
				$artflag = $artflag|$val;
			}
			//echo "UPDATE ".$_TABLES['admin']." SET `{$f}`='$artflag' WHERE uid='$id' ";

			if($conn->Execute("UPDATE ".$_TABLES['admin']." SET `{$f}`='$artflag' WHERE uid='$id' ")) {
				$result['content'] = $cval==0 ? 1 : 0;
			}

		}
		if($ajax) {
			exit($json->encode($result));
		}
	}
}
// 在载入视图之前，先查看错误集中是否有错误
check_error($js_error);
// 载入视图
require($abs_modpath . '/' . $cur_view);
?>